Last updated: May 2026

Privacy Policy

1. Who We Are

SemanticGuard is operated by KB-AI LLC (“SemanticGuard”, “we”, “us”). This policy explains how we handle personal data when you use the SemanticGuard AI gateway service. Our contact details for any privacy question are at the end of this document.

2. Data We Collect

  • Account information: email address, authentication credentials (password hash, optional TOTP MFA secret, optional passkey public-key credentials), and (if you sign in with Google or GitHub) the OAuth identifier returned by that provider.
  • Usage metrics: token counts, latency, cost estimates, cache hit/miss ratios, model identifiers, and the truncated prefix hash of your prompt (only when Store Prompts is enabled; see below). These are always collected for billing and analytics.
  • Prompts and responses: only stored if you explicitly enable the “Store Prompts” setting. When disabled, we log request metadata (model, cost, cache status) but never store prompt or response content. You can also disable request tracing entirely from the same Settings page.
  • API key hashes: we store a one-way SHA-256 hash of your SemanticGuard API key and of any upstream LLM provider API key you route through us. We never store either key in plaintext.
  • Audit log: for admin actions (key creation, settings changes, role changes, logins, OAuth flows) we record the timestamp, user id, IP address, and user agent. Retained for 365 days unless your tenant configures otherwise.
  • Billing data: if you upgrade to Pro or Enterprise, our payments processor (Stripe) collects payment method information directly; we store only the Stripe customer / subscription identifier and usage totals needed to produce invoices.
  • Session cookies: a single signed-JWT session cookie (HttpOnly, Secure, SameSite=Lax) set on sign-in. Required for authentication; we do not use cookies for advertising or third-party analytics. See “Cookies” below.

3. Personally Identifiable Information Redaction

When prompt storage is enabled, SemanticGuard automatically redacts a configurable set of sensitive patterns from stored prompt and response text before they are written to the database. This includes API keys for major providers (OpenAI, Anthropic, AWS, GCP, GitHub, Stripe, Slack, SendGrid), JWT tokens, PEM-formatted private keys, email addresses, phone numbers, and US Social Security Numbers. Redaction is on by default and can be disabled by tenant admins from the Settings page; it cannot be bypassed on a per-request basis.

4. Auxiliary LLM Calls

SemanticGuard makes auxiliary LLM calls to extract response templates for entity substitution (used in semantic caching). These calls are important to understand:

  • Every auxiliary call is routed through your own API key to the same vendor you are already using. We never send your prompts to a different vendor.
  • We use the cheapest available model from that vendor for these verification requests (e.g., Claude Haiku for Anthropic, GPT-4o-mini for OpenAI, Gemini Flash for Google).
  • Your prompts and data stay with your chosen vendor and are subject to that vendor's own privacy policy and data-handling terms.
  • Auxiliary calls are billed to your account by the upstream provider. The cost is typically negligible compared to the savings from caching, and the volume is capped per tenant per hour to prevent runaway spend.

5. Data Storage and Subprocessors

SemanticGuard offers two deployment models:

  • Hosted (default, semanticguard.dev): your data is stored on managed services operated by KB-AI LLC in the United States. The current list of subprocessors, their roles, and jurisdictions is published at /subprocessors and updated when subprocessors change. Material changes are announced on that page with at least 30 days' notice for active customers.
  • Self-hosted (via Vercel Marketplace, in submission; or via the Terraform module for Pro/Enterprise customers): the proxy and all data stores run in your own cloud account. SemanticGuard has no access to your stored data in this mode.

In both models, SemanticGuard does not aggregate customer data across tenants for any product purpose, including model training, benchmark publication, or feature development.

6. Data Retention

Request trace retention is configurable via the trace_retention_days setting (default: 30 days). You can adjust this at any time from the Settings page. When the retention period expires, request traces and associated data are automatically purged.

Cached responses are retained according to the cache TTL setting (default: 1 hour). Cache entries expire automatically and can also be cleared manually from the Cache Contents page.

Audit log entries are retained for 365 days. Account-level records (email, hashed credentials, subscription state) are retained for the lifetime of your account and deleted on account closure as described in Section 8.

7. What We Do Not Do

  • We do not sell your data to third parties.
  • We do not use your prompts, responses, or any user content to train machine learning models.
  • We do not share your data with other SemanticGuard customers.
  • We do not use cookies or pixels for cross-site advertising or behavioral tracking.

8. Your Rights

You have the following rights regarding your personal data:

  • Right to access: export all of your data at any time from the Settings page in the dashboard.
  • Right to deletion: delete your account and all associated data from the Settings page. This action is permanent.
  • Right to rectification: update your account information at any time through the dashboard.
  • Right to data portability: your data export is provided in a machine-readable JSON format that you can use to transfer your data to another service.
  • Right to stop prompt-content storage: disable the “Store Prompts” toggle to stop storing prompt and response content. Note: usage metadata (token counts, latency, cost, cache status, model identifier) continues to be logged for billing and analytics; only prompt and response text is affected. Disable “Request Tracing” to also stop per-request metadata logging.

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by CPRA) gives you specific rights:

  • Categories of personal information collected: identifiers (email, account id, IP address), internet activity (request metadata), commercial information (subscription state), and (if you enable Store Prompts) inferences from prompt content. We do not knowingly collect “sensitive personal information” as defined in Cal. Civ. Code §1798.140(ae).
  • Right to know, delete, and correct: exercisable through the dashboard or by email to legal@semanticguard.dev.
  • Right to opt out of sale or sharing: we do not sell or share personal information as defined in CCPA / CPRA, and have not done so in the preceding 12 months. No opt-out toggle is required.
  • Right against retaliation: we will not deny service or change pricing for exercising any of these rights.

European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, our legal bases for processing under the GDPR are: (a) contract performance for delivering the service you signed up for, including account management, billing, and serving proxied requests; (b) legitimate interest for security, fraud prevention, audit logging, and service-improvement analytics that do not use prompt or response content; (c) legal obligation for tax and accounting records; and (d) consent for the optional Store Prompts feature. You may withdraw consent for Store Prompts at any time from the Settings page.

Personal data is processed in the United States. For international transfers we rely on the EU Standard Contractual Clauses (and the UK Addendum where applicable). You may request a copy of the SCCs and our Data Processing Addendum by emailing legal@semanticguard.dev.

How to Exercise Your Rights

You can exercise most of these rights directly from the Settings page in your dashboard. You may also contact us at legal@semanticguard.dev for any data rights requests. We will respond to all verifiable requests within 30 days (45 days for CCPA requests, extendable by 45 additional days with notice).

9. Cookies

SemanticGuard uses only strictly necessary cookies for authentication and CSRF protection. We do not set advertising, analytics, or tracking cookies on the public site or dashboard. The full list of cookies we set:

  • sg-session (HttpOnly, Secure, SameSite=Lax) — signed-JWT session cookie set on sign-in. Lifetime: 7 days.
  • sg-oauth-state (HttpOnly, Secure, SameSite=Lax) — short-lived CSRF token used during OAuth sign-in flows.

10. Transactional and Product Email

We send transactional email through Resend: a welcome email on signup, billing receipts, security notices, and responses to support requests. These are necessary for service delivery and you cannot opt out while your account is active. We do not currently send marketing email; if we begin doing so we will add an unsubscribe link to every such message and update this policy.

11. Children

The service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact legal@semanticguard.dev and we will delete it.

12. Security Incidents

If we become aware of a security incident affecting your personal data, we will notify affected customers without undue delay and, where the incident meets the GDPR threshold under Article 33, no later than 72 hours after we become aware. US state-law notifications (e.g., CCPA, Illinois PIPA) will be issued within the timelines required by the applicable state law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes that reduce your rights, we will notify active customers by email at least 30 days before the change takes effect.

14. Contact

For privacy-related questions or requests, contact us at legal@semanticguard.dev. Postal mail: KB-AI LLC, attn: Legal, 30 N Gould St Ste R, Sheridan, WY 82801, United States.